Information Security News mailing list archives
Study: Admins slow in patching Apache-SSL servers
From: InfoSec News <isn () c4i org>
Date: Wed, 21 Aug 2002 03:34:58 -0500 (CDT)
http://www.nwfusion.com/news/2002/0820apssl.html By Joris Evers IDG News Service 08/20/02 Many Web servers running Apache-SSL remain vulnerable to attacks, although a June security alert prompted administrators to patch standard Apache Web installations, according to a survey released Tuesday. About 75% of Web sites hosted on Apache-SSL servers are vulnerable, as the software has not been upgraded to fix a serious flaw uncovered in June, according to a survey by Web server information firm Netcraft, of Bath, England. Administrators seem to have given priority to patching regular Apache installations, as about half of the 22 million Web sites that rely on Apache are protected through an Apache software upgrade, Netcraft said. Apache-SSL is a combination of the Apache Web server and OpenSSL security software meant to offer secure Web site connections. Apache-SSL is used for electronic commerce Web sites, for example. Both Apache and OpenSSL are open-source products developed by volunteers. The Apache Software Foundation, which supports the Apache open-source project, in June advised administrators to upgrade their Apache installations because of a flaw in the way the Web server parses uploaded data, a so-called chunked encoding vulnerability. The flaw affects all versions of Apache 1.2, versions of Apache 1.3 up to 1.3.24 and versions of Apache 2 up to 2.0.36, according to a statement from the Foundation released on June 20. Apache is the most used Web server software in the world, with 66% of active sites running Apache, according to Netcraft. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Study: Admins slow in patching Apache-SSL servers InfoSec News (Aug 21)